Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
7DescriptionCVE.org
Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain a stack-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
AnalysisAI
Stack-based buffer overflow in Dell PowerProtect Data Domain DD OS allows remote unauthenticated attackers to execute arbitrary commands on vulnerable appliances. Affects Feature Release versions 7.7.1.0-8.6, LTS2025 (8.3.1.0-8.3.1.10), and LTS2024 (7.13.1.0-7.13.1.60). Despite network-accessible attack vector (AV:N/PR:N), high attack complexity (AC:H) indicates specialized exploit conditions. CISA SSVC framework rates exploitation as 'none' and automatable as 'no', suggesting manual, targeted exploitation rather than mass scanning. No active exploitation confirmed at time of analysis. Dell has released patches across all affected release tracks (DSA-2026-060).
Technical ContextAI
This vulnerability affects Dell PowerProtect Data Domain appliances running DD OS (Domain Operating System), an enterprise-class data protection platform for backup and recovery. The flaw is a CWE-121 stack-based buffer overflow, a memory corruption issue where unbounded input overwrites adjacent stack memory including return addresses and local variables. Unlike heap overflows, stack-based overflows can directly control program execution flow by overwriting return pointers. The vulnerability exists in a network-accessible service component that processes remote input without proper bounds checking. CPE identifier cpe:2.3:a:dell:powerprotect_data_domain indicates the software-level DD OS component across multiple hardware platforms. Dell maintains three parallel release tracks (Feature, LTS2025, LTS2024), all of which contain vulnerable code paths, suggesting the flaw exists in shared network protocol parsing or API handling code introduced in 7.7.1.0 timeframe.
RemediationAI
Apply Dell-provided patches immediately for internet-exposed appliances, within 30 days for internal deployments per DSA-2026-060. Feature Release track: upgrade to DD OS 8.6.1.10 or 8.7.0.0 or later. LTS2025 track: upgrade to 8.3.1.20 or 8.3.1.30 (specific version depends on current baseline per EUVD data). LTS2024 track: apply 7.13.1.60 or later (note: EUVD references 2.7.9 variant for specific configurations-consult advisory for deployment-specific guidance). Download patches from Dell Support portal linked in DSA-2026-060. If immediate patching is infeasible, implement compensating controls: restrict network access to DD management interfaces using firewall rules allowing only trusted backup infrastructure IPs (blocks remote unauthenticated exploitation but limits operational flexibility for remote management); deploy intrusion detection signatures for anomalous DD protocol traffic patterns (provides detection but not prevention); enable detailed audit logging for forensic visibility (post-compromise detection only). Each mitigation reduces attack surface but patching remains the only complete remediation. Backup configurations before upgrade and validate replication health post-patch per Dell change control procedures.
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2
The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default passwor
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute
Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) t
An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance vers
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not requir
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote at
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privile
Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25050
GHSA-h5cf-xw55-j4wj